CVE-2023-3776

Public on 2023-07-21
Modified on 2024-01-12
Description

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, fw_set_parms() returns an error immediately, but only after tcf_bind_filter() has already incremented or decremented the class reference counter, so the failed update leaves that counter out of balance. An attacker who can control the reference counter and drive it to zero can cause the referenced object to be freed while it is still in use, leading to a use-after-free vulnerability.

We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
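To make the ordering defect in the description concrete, here is an added example (constructed for this page, not kernel code) that models a bind step adjusting a class reference count ahead of a step that can fail, as fw_set_parms() did, next to the corrected ordering in which the bind happens only after every fallible step. The struct, function and field names are stand-ins for the real cls_fw code, and the model covers only the increment side of the bind.

```c
#include <stdbool.h>

/* Constructed model of a traffic-control class with a reference count.
 * Not kernel code: names are stand-ins for the real cls_fw structures. */
struct tc_class { int refcnt; };
struct filter_params { bool has_classid; bool has_indev; };

/* Stand-in for tcf_bind_filter(): takes a reference on the class. */
static void bind_class(struct tc_class *cls) { cls->refcnt++; }

/* Stand-in for tcf_change_indev(): resolving the device can fail. */
static int change_indev(bool indev_ok) { return indev_ok ? 0 : -1; }

/* Vulnerable ordering (as described for fw_set_parms): the reference is
 * taken first, then a later step fails and we return without undoing it.
 * Returns the error code; on failure the class refcount stays unbalanced. */
int set_parms_vulnerable(struct tc_class *cls, const struct filter_params *p,
                         bool indev_ok)
{
    if (p->has_classid)
        bind_class(cls);            /* refcount adjusted here ... */
    if (p->has_indev) {
        int ret = change_indev(indev_ok);
        if (ret < 0)
            return ret;             /* ... and never undone on this path */
    }
    return 0;
}

/* Hardened ordering: run every step that can fail first and bind the class
 * only once nothing further can fail, so no error path leaks or drops a
 * reference. Returns the error code; refcount is untouched on failure. */
int set_parms_fixed(struct tc_class *cls, const struct filter_params *p,
                    bool indev_ok)
{
    if (p->has_indev) {
        int ret = change_indev(indev_ok);
        if (ret < 0)
            return ret;             /* nothing to roll back yet */
    }
    if (p->has_classid)
        bind_class(cls);
    return 0;
}

/* Scenario helper: start from one reference, attempt an update whose indev
 * step fails, and report the resulting refcount (1 means balanced). */
int refcnt_after_failed_update(bool use_fixed)
{
    struct tc_class cls = { .refcnt = 1 };
    struct filter_params p = { .has_classid = true, .has_indev = true };
    if (use_fixed)
        set_parms_fixed(&cls, &p, false);
    else
        set_parms_vulnerable(&cls, &p, false);
    return cls.refcnt;
}
```

Running the helper with the vulnerable ordering shows the counter drifting by one on every failed update, which is the imbalance the fix removes.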

Severity
Important
CVSS v3 Base Score
7.8

Affected Packages

Platform                          | Package                            | Release Date | Advisory
Amazon Linux 1                    | kernel                             | 2023-08-08   | ALAS-2023-1792
Amazon Linux 2 - Core             | kernel                             | 2023-08-07   | ALAS2-2023-2179
Amazon Linux 2 - Kernel-5.10 Extra | kernel                            | 2023-08-07   | ALAS2KERNEL-5.10-2023-038
Amazon Linux 2 - Kernel-5.15 Extra | kernel                            | 2023-08-07   | ALAS2KERNEL-5.15-2023-025
Amazon Linux 2 - Kernel-5.4 Extra | kernel                             | 2023-08-07   | ALAS2KERNEL-5.4-2023-050
Amazon Linux 2023                 | kernel                             | 2023-08-25   | ALAS2023-2023-299
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-4.14.318-240.529  | 2023-09-25   | ALAS2LIVEPATCH-2023-148
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-4.14.318-241.531  | 2023-09-25   | ALAS2LIVEPATCH-2023-147
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-4.14.320-242.534  | 2023-09-25   | ALAS2LIVEPATCH-2023-146
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-5.10.179-171.711  | 2023-09-25   | ALAS2LIVEPATCH-2023-144
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-5.10.184-174.730  | 2023-09-25   | ALAS2LIVEPATCH-2023-143
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-5.10.184-175.731  | 2023-09-25   | ALAS2LIVEPATCH-2023-142
Amazon Linux 2 - Livepatch Extra  | kernel-livepatch-5.10.184-175.749  | 2023-09-25   | ALAS2LIVEPATCH-2023-145
Amazon Linux 2023                 | kernel-livepatch-6.1.29-50.88      | 2023-10-23   | ALAS2023LIVEPATCH-2023-015
Amazon Linux 2023                 | kernel-livepatch-6.1.34-56.100     | 2023-10-23   | ALAS2023LIVEPATCH-2023-014
Amazon Linux 2023                 | kernel-livepatch-6.1.34-58.102     | 2023-10-23   | ALAS2023LIVEPATCH-2023-013
Amazon Linux 2023                 | kernel-livepatch-6.1.34-59.116     | 2023-10-23   | ALAS2023LIVEPATCH-2023-012
Amazon Linux 2023                 | kernel-livepatch-6.1.38-59.109     | 2023-10-23   | ALAS2023LIVEPATCH-2023-011

CVSS Scores

Score Type   | Score | Vector
Amazon Linux | CVSSv3 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD          | CVSSv3 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H